TWI568235B - Secure and private location - Google Patents

Description

Secure private location technology Technical field of invention

Embodiments of the present invention are generally related to location services. More specifically, embodiments of the present invention relate to techniques for providing secure and private access to mobile platform location information.

Technical background of the invention

As high-resolution location technologies can be used in platforms such as small laptops, notebook computers, and mobile internet devices (MIDs), end users' privacy considerations also increase. For example, a malicious software residing on such a platform may send the location of the platform to an external entity without being authorized by the user. Even if the user authorization can release the location information for some entities, others may still be able to intercept the location information. In addition, it is difficult for a location service provider to determine the true source of the received location information, as a malicious agent may appear in the host operating system (OS) or in the transmission path of the location information.

Summary of the invention

According to an embodiment of the present invention, a method is specifically provided, comprising the steps of: receiving location information for a platform on a processor of a platform via a link; and preventing a one associated with the platform The operating system performs unauthorized access to the location information.

Brief description of the schema

A person skilled in the art will be able to clearly understand the various advantages of the embodiments of the present invention by reading the following description of the invention and the accompanying drawings, in which: FIG. An example of an architecture for preventing unauthorized access to a location by an operating system associated with a platform; FIG. 2 is a block diagram showing an architecture of an embodiment in accordance with an embodiment For example, the architecture is used to ensure the security of external access operations on location information; FIG. 3 is a block diagram showing an example of a computing platform according to an embodiment; FIG. 4 is a flow chart showing an implementation according to an embodiment. An example of a method for exchanging location information through a shared bus; FIG. 5 is a flowchart showing a method for obtaining location information of a platform in a state in which a cover is lifted according to an embodiment. Example; FIG. 6 is a flow chart showing an example of a method of obtaining user authorization to release location information to a platform in accordance with an embodiment; and FIG. The flowchart illustrates an example of a method of obtaining user authorization to release location information for an entity located outside of a platform, in accordance with an embodiment.

Detailed description of the preferred embodiment

Embodiments of the invention may include a method for receiving location information for the platform via a link on a processor of a platform. The method can also be used to prevent unauthorized access to the location information by an operating system associated with the platform.

Embodiments of the invention may also include a device having logic components for receiving location information for the platform via a link on a processor of a platform. The logic component also prevents unauthorized access to the location information by an operating system associated with the platform.

Moreover, embodiments of the present invention can include a platform having a wireless data module for receiving an access point identifier. The platform can also include a global positioning system (GPS) sensor, a primary processor, a link coupled to the GPS sensor, and an auxiliary processor coupled to the link. The auxiliary processor can have a logic component for receiving a GPS location for the platform from the GPS sensor via the link, wherein the GPS location and the access point identifier are used to define location information. The logic component also prevents unauthorized access to the location information by an operating system associated with the primary processor.

Referring now to Figure 1, an architecture 10 is shown in which a secure location service is enabled for a mobile computing platform. In the illustrated example, the platform's operating system (OS) 12 is provided with an untrusted link 14 containing a global positioning (GPS) sensor (eg, receiver) 16 and contains wireless data (eg, Wi-Fi) , IEEE 802.11, 1999 edition) an untrusted link 18 of the module 20, wherein the GPS sensor 16 and the wireless data module 20 can generate and/or obtain location information for the platform (eg, cell identification) Other position sensors of the detector may also provide location information for the platform). However, the hardware/firmware ("HW/FW") 22 of the platform is provided with trusted links 24 and 26 that respectively include a GPS sensor 16 and a wireless data module 20. Thus, by designating links 14 and 18 as untrusted links, the illustrated architecture 10 enables the location information corresponding to the platform to be protected from potential malicious software associated with OS 12. Authorized access. In particular, the trusted links 24 and 26 between the HW/FW 22 and the position sensors enable the HW/FW to ensure the security of the location information (eg, encryption, signing), and can be in the right The OS 12 and the requester of the location information authenticate the requesters before releasing the location information.

2 shows a computing platform 28 having a position sensor (eg, GPS sensor 16) and a wireless data module 20 (which provides location information for platform 28). In the illustrated example, platform 28 also includes primary processor 34 and secondary processor 36 (eg, embedded microcontroller, supervisor engine/ME, auxiliary processing unit/SPU), where primary processor 34 can execute an OS ( For example, a core device driver, an application interface/API, etc., not shown, and a normally-on switch 38 is disposed between the GPS sensor 16 and the main processor 34 and/or the remainder of the platform 28. The switch 38 can be placed in a path to the port 39, such as a USB port (universal string) to which the main processor 34 of the platform 28 and/or other components (eg, a network controller) may be coupled. Column bus, such as USB Specification 2.0, USB Developer Forum) or other hardware interface (such as COM). Switch 38 can also be a logical switch, or can even be a switching command that switches from auxiliary processor 36 to GPS sensor 16. The auxiliary processor 36, which is similar to the HW/FW 22 (FIG. 1) described above, may include a logic component 40 for outputting on a screen of the user by a secure output window (eg, displayed on the user's screen) The "elves" menu above the other content now prompts a user of the platform 28 to provide authorization to allow the OS and the rest of the platform to directly access the GPS location information. The displayed logic component will only initiate the switch 38 when such authorization is received.

Logic component 40 can also be configured to receive GPS location information from GPS sensor 16 via link 42, where link 42 can be proprietary (eg, dedicated bus; system management bus/SMBus specification, SBS development) Forum, version 2.0, August 3, 2000, etc.), or can be shared (for example, shared bus; SMBus, USB, etc.). If the link 42 is a shared link, the logic component 40 can exchange one or more with the GPS sensor 16 through the link 42 during a boot time associated with the platform 28 before the OS assumes the task of controlling the platform 28. Keys. The GPS sensor 16 may thus initially deliver a public key to the logic component 40 and subsequently encrypt and sign the GPS location information using a private key prior to transmission to the secondary processor 36 via the link 42. Logic component 40 can then use the public key obtained at boot time to identify and decrypt any location information received through link 42 to verify that the actual source of the location information is GPS sensor 16. Alternatively, the auxiliary processor 36 and/or logic component 40 can be incorporated into the GPS sensor 16.

Can be used when platform 28 is in an inactive state (eg, top cover, standby, hibernate, or off state; for example, ACPI/Advanced Configuration and Power Interface Specification, ACPI Specification, Revision 4.0, June 16, 2009) Day; S3, S4 or S5 power state), the GPS location is obtained from the GPS sensor 16 News. In particular, when it has been determined that the upper cover (eg, a hinged display) is off, the platform that is assembled to enter a low power state is in an outdoor state (eg, while in transit) and is considered to be ineffective when the GPS receiver is inactive. The height of the GPS satellite launch is often in this state. However, once the upper cover is opened and the GPS receiver is enabled, considering the GPS satellite launch altitude (eg, indoors), the platform may no longer be in that state.

By periodically activating (eg, according to a predetermined schedule; every five minutes, etc.) the GPS sensor 16 and obtaining GPS location information while the platform 28 is in the raised state of the upper cover, the logic component 40 can store the location information for GPS location information may not be available when available. In one example, the GPS location information and an associated timestamp are stored in a non-electrical memory location (not shown) that can only be accessed by the auxiliary processor 36. Subsequent actions to use the stored GPS location information can provide several advantages, such as faster GPS Position Time (TTF) functionality.

In addition, logic component 40 can communicate with wireless data module 20 via link 44. In one example, the wireless data module 20 includes a Wi-Fi function, wherein the wireless data module 20 obtains access point basic service group identifier (BSSID) information that can be used to determine a location of the platform 28. In such a situation, logic component 40 can use a C-link (e.g., link 44) and a random seed generated in auxiliary processor 36 to release the remaining portion of platform 28 at transmission link 41. The BSSID information is obtained by hashing the wireless data module 20 before the BSSID information. Thus, the hashing action can provide a function similar to switcher 38 (e.g., to prevent unauthorized use of the wireless data module as a position sensor).

The illustrated platform 28 also communicates with the service provider 30 via the network 32, wherein the service provider 30 delivers a request 46 for location information via the network 32 to a trust-aware application 48 executing on one of the processors of the platform 28, For example, the main processor 34. The primary processor 34 can have one or more processor cores (not shown), wherein each core can be fully associated with an instruction fetch unit, an instruction decoder, a first layer (L1) cache, an execution unit, and the like. effect. Trust-aware application 48 may involve as a user authenticate e-commerce web application (eg, PayPal ^®) or bank applications (for example, Internet banking). Thus, the service provider 30 may incorporate the location information into the user authentication program associated with the trust-aware application 48, so the user of the platform 28 can be verified using the response to the request 46 made by the location of the platform 28. identity of.

In such a situation, the request 46 can include a credential 52 obtained from a trusted third party and a public key (not shown) associated with the service provider 30, and the logical component 40 can be trusted by the trust The third party locally stores a credential on the auxiliary processor 36 to authenticate the received credential 52. Logic component 40 may also prompt a user of platform 28 (e.g., via a wizard menu) to authorize the service provider 30 to release the location information. Upon receiving the authorization, the displayed logic component 40 encrypts the requested location information using the public key associated with the service provider 30 and transmits the encrypted and signed location information to the service provider 30. The authentication and encryption procedures can thus enable a logical link between the auxiliary processor 40 and the service provider 30, which can be logically viewed as an authorized and secure tunnel 50. If the authorization is denied or if the certificate 52 cannot be verified, the logic The component 40 can retain the location information and not let the requesting service provider 30 know.

3 shows a computing platform 54 with an auxiliary processor 56 and software 58 including a trust-aware application 48 and a location-aware application 60, such as a web-based map application (eg, ^Google® map). Applications 48 and 60 can communicate with backend 64 of service provider 62 over network 32 to support secure location services. The software 58 shown also includes an embedded controller interface driver 66 (e.g., HECI driver) for communicating with a corresponding embedded controller interface driver 68 of the auxiliary processor 56.

Auxiliary processor 56 is shown, which may be integrated into an input/output (IO) device and sometimes referred to as a south bridge or south complex of a chipset, including identity protection module 70, sensor strategy The application 72, the anti-theft module 74, the upper cover pick-up module 76, the upper cover pick-up data storage 78, the upper cover sensor 80, and the security control applications 82 and 84 are implemented. The security control application 82 communicates with the GPS sensor 16 and can control the generation of the GPS sensor 16 via a switch (not shown) disposed in the USB host controller 86 (which is controlled by line 87). The direct software access action of the GPS location information, and wherein the host controller 86 sequentially communicates with the USB driver 88 of the software 58. The security control application 84 communicates with the wireless data module 20 and can hash the access point BSSID information obtained by the wireless data module 20 from the WLAN (wireless area network) driver 90 of the software 58. An alternate logical switch can be implemented through a private link 17 between the security control application 82 and the GPS sensor 16.

The displayed security control applications 82 and 84 can also release a secure (e.g., encrypted and signed) location information to the sensor policy enforcement application 72, which can perform any action regarding access to the secure location information. Strategy (eg, user defined, preset, etc.). For example, in response to the sleep/cap sensor 80 detecting that the platform 54 has entered a top cover lift state, the upper cover lift module 76 can trigger retrieval from the GPS sensor 16 according to a predetermined schedule (eg, every 5 minutes). The action of the secure GPS location information, and the retrieved GPS location information is placed in the top cover data store 78 for later use. The cover state is not detected, and the cover sensor 80 can simply indicate the logic state of an inactive platform, wherein an OS application or other software component indicates to the auxiliary processor 56 via a HECI or other message that the platform is in a Active status. Moreover, if the anti-theft module 74 determines that the platform 54 may be lost or stolen, the anti-theft module 74 can retrieve the secure location from the wireless data module 20 and/or the GPS sensor 16 via the sensor policy enforcement application 72. News.

The service provider 62 can also include an identity protection infrastructure 92 that maintains a user profile profile 94, wherein the profile 94 can identify individuals and/or entities that are permitted to access the location information of the platform 54. Thus, identity protection module 70 can further limit the act of accessing the location information in conjunction with identity protection infrastructure 92.

Referring now to Figures 4 through 7, various methods 96, 106, 118 and 126 are shown. The methods 96, 106, 118, and 126 can be implemented in an embedded microcontroller using circuit techniques such as Application Specific Integrated Circuit (ASIC), Complementary Metal Oxide Semiconductor (CMOS), or Transistor-Transistor Logic (TTL) techniques. A set of firmware logic instructions, such as random access memory (RAM), read-only memory (ROM), programmable as a fixed-function hardware, as a device or computer-readable storage medium stored in a memory ROM (PROM), flash memory, etc., or any combination of these.

In particular, reference is made to FIG. 4, which shows an exemplary method 96 of exchanging location information through a shared bus of a computing platform. Processing block 98 provides for exchanging one or more keys with a location sensor through the shared bus during a boot time associated with the platform. In an example, the position sensor transmits its public key to the embedded microcontroller before an operating system (OS) assumes the control action of the platform. In block 100, location information is received from the location sensor via the shared bus, wherein the displayed block 102 identifies a signature of the source of the location information based on the previously exchanged key. . Block 104 provides the ability to decrypt the received location information based on the previously exchanged (etc.) key. If the link to the position sensor is a dedicated link, the method 96 can be omitted from the location information retrieval procedure.

Figure 5 illustrates a method 106 for obtaining location information for a computing platform in a raised state. Processing block 108 provides functionality to determine whether the computing platform is in an inactive (e.g., top-up) state, such as a S3, S4, or S5 low power ACPI state. The decision action in block 108 may involve interrogating the upper cover sensor 80 (Fig. 3). If the platform is in an inactive (e.g., upset) state, it may be determined in block 110 whether a predetermined schedule indicates that the location information for the platform was obtained. If not, the method 106 shown performs another check for the raised state of the upper cover. Otherwise, block 112 may activate the position sensor, wherein block 114 is shown to provide functionality for obtaining location information and storing the location information in a secure non-volatile memory location (eg, only by the processor/ The location of the embedded microcontroller access). The position sensor can be deactivated in block 116.

Referring now to Figure 6, a method 118 for obtaining user authorization to release location information for an operating system of a computing platform is shown. Block 120 provides a function to prompt a user of the platform to release location information corresponding to the platform for an operating system associated with the platform. As previously mentioned, the prompting action may include displaying one or more security sprite menus, or in addition to or instead of the method, using a BIOS (Basic Input/Output System) UI (User Interface) menu For authorization by the user. If the user authorization is received, a normal open switch between a position sensor and one of the remaining portions of the platform can be activated in block 122. If the user authorization is not received, the displayed block 124 will keep the switch un-started. Therefore, the location information is released to the platform only when the user authorization is received in the displayed instance.

Figure 7 illustrates a method 126 of obtaining user authorization to release information to a requester located outside of a platform. In particular, a request for location information from a service provider (e.g., a requestor) can be received in block 128, wherein the request can include a credential and a public key corresponding to the service provider. The illustrated block 130 provides the ability to authenticate the requestor based on the credential. If it is determined in block 131 that the requestor is illegal/illegal, the location information may be retained in block 142 without providing the location information. If the requester is legitimate/legitimate, block 132 may obtain the requested location information (eg, from an active location sensor, if the current location information is not available, it may only be accessed by the secondary processor) A 'top cover picks up' storage location) and the location information is encrypted with the service provider's public key (and the 'top cover' timestamp, if appropriate).

Here, the current location information may not be available when the service provider makes a request. In such a situation, method 126 can also include reporting to the service provider that the current location information is not available, and receiving another request from the service provider for timestamp location information. The subsequent request can also be authenticated, wherein the location information from the GPS sensor and an associated timestamp can be encrypted in response to the subsequent request. Alternatively, the location information and the timestamp can be returned in response to the initial request without requiring the service provider to make a subsequent request. In block 134, the encrypted location information (and timestamp, if appropriate) may be signed using a credential obtained from a trusted party and stored locally in an embedded microcontroller of the platform.

Block 136 can provide a function to prompt a user of the platform to obtain authorization to release location information for the service provider. The prompting action can include identifying the service provider and notifying the user of the result of the authentication process via a wizard menu (eg, the identity of the service provider, whether or not it has been verified). If it is determined in block 138 that an authorization has been received, the encrypted and signed location information may be released in block 140 for transmission to the service provider. If a time stamp is transmitted along with the location information, the service provider can determine whether to use the location information according to the time limit of the time stamp. If no authorization is received, the displayed block 142 provides the functionality to retain the location information without providing it.

Embodiments of the invention are suitable for use with all types of semiconductor integrated circuit ("IC") wafers. Examples of such IC chips include, but are not limited to, processors, controllers, chipset components, programmable logic arrays (PLAs), memory chips, network chips, system on silicon (SoC), SSD/NAND controller ASICs. and many more. In addition, in some drawings, the signal conducting lines are represented by straight lines. Some lines may be thicker to indicate a more continuous signal path; some lines may be numbered to indicate multiple consecutive signal paths; and/or some lines may have arrows on one or more endpoints to indicate the primary information Flow direction. However, the above description should not be construed in a limited manner. Conversely, the added details may be used in connection with one or more exemplary embodiments for easier understanding of a circuit. Any of the signal lines shown, whether or not with additional information, may actually include one or more signals transmitted in multiple directions and may be implemented by any suitable type of signal scheme, such as a differential signal pair, Optical or digital lines and/or single-ended lines are used to implement digital or analog lines.

The exemplified size/model/value/range may have been given, although the invention is not limited thereto. As manufacturing techniques, such as photolithography, become more sophisticated, it is expected that devices of smaller size can be fabricated. In addition, known power/ground connections for IC chips and other components may or may not be shown in the drawings for the purpose of briefing and discussion, and also for purposes of not obscuring the focus of the present invention. Furthermore, various configurations may be shown in block diagram form in order to avoid obscuring the focus of the present invention, and in view of the implementation of the block diagram configuration, the platform for implementing the present invention is highly dependent upon, i.e., such Specific details should be within the scope of what is apparent to those skilled in the art. The specific details (e.g., circuits) have been set forth to illustrate the exemplary embodiments of the present invention, and those skilled in the art will understand that the invention may be practiced without the specific details or variations thereof. The description of the invention should therefore be considered as illustrative and not limiting.

The term "coupled" may be used herein to mean any type of relationship between the components in the discussion, whether direct or indirect, and applicable to electrical, mechanical, fluid, optical, electromagnetic, Motor, or other wiring. In addition, terms such as “first” and “second” are used only to facilitate discussion, and there is no importance of any tense or chronological order unless otherwise indicated.

It will be apparent to those skilled in the art that the broad teachings of the embodiments of the present invention can be practiced in many different forms. Therefore, although the embodiments of the present invention have been described in connection with the specific examples, the true spirit of the embodiments of the present invention should not be construed as limited. Program.

10. . . Architecture

12. . . Operating system (OS)

14. . . Untrusted link

16. . . Global positioning (GPS) sensor

17. . . Private link

18. . . Untrusted link

20. . . Wireless data module

twenty two. . . Hardware/firmware ("HW/FW")

twenty four. . . Trusted link

26. . . Trusted link

28. . . platform

30. . . service provider

32. . . network

34. . . Main processor

36. . . Auxiliary processor

38. . . Switcher

39. . . Pass

40. . . Logical component

41. . . link

42. . . link

44. . . link

46. . . request

48. . . Trust-aware application

50. . . Authorized and secure tunnel

52. . . certificate

54. . . Computing platform

56. . . Auxiliary processor

58. . . software

60. . . Location aware application

62. . . service provider

64. . . rear end

66. . . Embedded controller interface driver

68. . . Embedded controller interface driver

70. . . Identity protection module

72. . . Sensor strategy implementation application

74. . . Anti-theft module

76. . . Upper cover

78. . . Top cover pick up data storage

80. . . Upper cover sensor

82. . . Security control application

84. . . Security control application

86. . . Host controller

87. . . line

88. . . USB drive

90. . . WLAN (Wireless Local Area Network) drive

92. . . Identity protection infrastructure

94. . . User profile

96. . . method

98~104. . . Step block

106. . . method

108~116. . . Step block

118. . . method

120~124. . . Step block

126. . . method

138~142. . . Step block

1 is a block diagram showing an example of an architecture for preventing unauthorized access to a location by an operating system associated with a platform, in accordance with an embodiment;

2 is a block diagram showing an example of an architecture for ensuring the security of external access to location information, in accordance with an embodiment;

Figure 3 is a block diagram showing an example of a computing platform in accordance with an embodiment;

4 is a flow chart showing an example of a method of exchanging location information through a shared bus according to an embodiment;

5 is a flow chart showing an example of a method for obtaining position information of a platform in a state in which a cover is lifted, according to an embodiment;

Figure 6 is a flow chart showing an example of a method of obtaining user authorization to release location information to a platform, in accordance with an embodiment;

Figure 7 is a flow chart showing an example of a method of obtaining user authorization to release location information for an entity located outside of a platform, in accordance with an embodiment.

10. . . Architecture

12. . . Operating system (OS)

14. . . Untrusted link

16. . . Global positioning (GPS) sensor

18. . . Untrusted link

20. . . Wireless data module

twenty two. . . Hardware/firmware ("HW/FW")

twenty four. . . Trusted link

26. . . Trusted link

Claims (21)

A method comprising: receiving location information for a platform on an auxiliary processor of a platform via a link; and preventing unauthorized access to the location information by an operating system associated with the platform One or more of the following: in response to activation of one of the switches by the auxiliary processor, the operating system performs direct access to a GPS location from a Global Positioning System (GPS) sensor; or The access point identifier is hashed using one of the seeds generated by the auxiliary processor before an access point identifier is released to the operating system. The method of claim 1, wherein the link comprises a dedicated bus bar. The method of claim 1, wherein the link comprises a shared bus, and the method further comprises: before the operating system obtains control of the platform, through the shared bus associated with the platform, Exchanging one or more keys between the GPS sensor and the auxiliary processor; authenticating a signature of the GPS sensor according to the one or more keys; and determining the one or more keys according to the one or more keys , decrypt the GPS location. The method of claim 1, wherein the method comprises: prompting a user of the platform to authorize to be authorized by the operating system The direct access of the GPS location; and if the authorization is received, the switch is activated, wherein the switch is disposed between the GPS sensor and a hardware port leading to the platform. The method of claim 1, further comprising: receiving a request from a service provider located outside the platform for the location information; authenticating the request; based on one or more associated with the service provider a key to encrypt the location information; sign the encrypted location information; prompt a user of the platform to authorize the release of the encrypted and signed location information; and if the authorization is received, release the platform The encrypted and signed location information. The method of claim 1, further comprising: if the platform is in an inactive state according to a predetermined schedule, starting the GPS sensor of the platform; if the GPS sensor responds to the predetermined row The process is initiated to request the location information from the GPS sensor; and store the location information and an associated timestamp in a non-volatile memory accessible only by the processor. The method of claim 1, wherein the location information includes an access point basic service group identifier (BSSID). A device comprising: a logic component for: receiving location information for the platform on an auxiliary processor of a platform via a link; and preventing unauthorized storage of the location information by an operating system associated with the platform Taking one or more of the following: in response to activation by one of the switchers by the auxiliary processor, the operating system is to perform direct access to a GPS location from a Global Positioning System (GPS) sensor Or use a seed generated by the auxiliary processor to hash the access point identifier before an access point identifier is released to the operating system. The device of claim 8, wherein the link comprises a dedicated bus bar. The device of claim 8, wherein the link comprises a shared bus, and the logic component is configured to: exchange one or more with the GPS sensor through the shared bus associated with the platform Keys; identifying a signature of the GPS sensor based on the one or more keys; and decrypting the GPS location based on the one or more keys. The device of claim 8, further comprising a switch disposed between the GPS sensor and a port leading to the platform, wherein the logic component is configured to: prompt a use of the platform Authorized to permit access to the GPS location Direct access to the system; and if the authorization is received, the switch is started. The device of claim 8, wherein the logic component is configured to: receive a request from a service provider located outside the platform for the location information; identify the request; and associate with the service provider One or more keys, encrypting the location information; signing the encrypted location information; prompting a user of the platform to authorize the release of the encrypted and signed location information; and if receiving the authorization, The platform releases the encrypted and signed location information. The device of claim 8, wherein the logic component is configured to: if the platform is in an inactive state according to a predetermined schedule, activate the GPS sensor of the platform; if the GPS sensor is subjected to Initiating, requesting the location information from the GPS sensor; and storing the location information and an associated timestamp in a non-electrical memory accessible by the processor. For example, the device of claim 13 wherein the logic component is used to: Receiving a first request from a service provider located outside the platform for the location information; authenticating the first request; reporting the current location information to the service provider as unavailable; receiving the service provider for the timestamp a second request for location information; authenticating the second request; encrypting the location information from the GPS sensor and the associated timestamp; signing the encrypted location information and the associated timestamp; The encrypted and signed location information and the associated timestamp are transmitted to the service provider. The device of claim 8, wherein the location information is to include an access point basic service group identifier (BSSID). A platform comprising: a wireless data module for receiving an access point identifier; a global positioning system (GPS) sensor; a primary processor for executing an operating system; coupled to the GPS a link of the sensor; and an auxiliary processor coupled to the link, the auxiliary processor including logic components to receive a GPS location for the platform from the GPS sensor via the link, Where the GPS location and the access point An identifier is used to define location information; and to prevent unauthorized access to the location information by the operating system associated with the primary processor, wherein one or more of: responding to the secondary processor pair One of the switches is activated, the operating system is to perform direct access to the GPS location from the GPS sensor; or the auxiliary processor is used before the access point identifier is released to the operating system One of the seeds is generated to hash the access point identifier. For example, the platform of claim 16 of the patent scope, wherein the link includes a dedicated bus bar. The platform of claim 16, wherein the link comprises a shared bus, and the logic component is configured to exchange one or more with the GPS sensor through the shared bus associated with the platform. a key; a signature identifying the source of the GPS location based on the one or more keys; and decrypting the GPS location based on the one or more keys. The platform of claim 16 further comprising a switch disposed between the GPS sensor and the main processor, wherein the logic component is configured to: prompt a user of the platform to authorize Direct operating system access to the GPS location; If the authorization is received, the switch is started. The platform of claim 16, wherein the logic component is configured to: receive a request from a service provider located outside the platform for the location information; and authenticate the request; according to the service provider One or more keys coupled to encrypt the location information; sign the encrypted location information; prompt a user of the platform to authorize the release of the encrypted and signed location information; and if the authorization is received, The encrypted and signed location information is released to the platform. The platform of claim 16 further comprising a non-electrical memory accessible by the auxiliary processor, wherein the logic is configured to: if the platform is in an inactive state according to a predetermined schedule Activating the GPS sensor; if the GPS sensor is activated, requesting the location information from the GPS sensor; and storing the location information and an associated timestamp in the non-electrical memory.